Illustrated Network Router Roles The intermediate systems or network nodes used on the Illustrated Network are routers.. In short, remote access and fi le transfer can be very helpful fo
Trang 1bsdclient> ssh -l remote-user@CEO
remote-user@ce0’s password:
- JUNOS 8.4R1.3 built 2007-08-06 06:58:15 UTC
remote-user@CEO>
These examples show the conventions that will appear in this book when com-mand-line procedures are shown All prompts, output, and code listings appear like this Whenever a user types a command to produce some output, the command typed will appear like this We’ll see CLI examples from Windows hosts as well
Illustrated Network Router Roles
The intermediate systems or network nodes used on the Illustrated Network are routers Not all of the routers play the same role in the network, and some have switching capabilities The router’s role depends on its position in the network Generally, smaller routers populate the edge of the network near the LANs and hosts, while larger routers populate the ISP’s network core The routers on our network have one of three network-centric designations; we have LAN switches also, but these are not routers
■ Customer edge (CE): These two routers belong to us, in our role as the customer
who owns and operates the hosts and LANs These CE routers are smaller than the other routers in terms of size, number of ports, and capabilities Technically,
on this network, they perform a gateway role
■ Provider edge (PE): These two routers gather the traffi c from customers
( typically there are many CE routers, of course) They are not usually accessible
by customers
■ Provider (P): These six routers are arranged in what is often called a “quad.” The
two service providers on the Illustrated Network each manage two providers’ routers in their network core Quads make sure traffi c fl ows smoothly even if any one router or one link fails on the provider’s core networks
■ Ethernet LAN switches: The network also contains two Ethernet LAN
switches We’ll spend a lot of time exploring switches later For now, consider that switches operate on Layer 2 frames and routers operate on Layer 3 packets
Now, what is this second example telling us? First of all, it tells us that routers, just like ordinary hosts, will allow a remote user to log in if they have the correct user ID and password It would appear that routers aren’t all that much different from hosts However, this can be a little misleading Hosts generally have different roles in a network than routers For now, we’ll just note that for security reasons, you don’t want
it to be easy for people to remotely access routers, because intruders can cause a lot
of damage after compromising just a single router In practice, a lot more security than just passwords is employed to restrict router access
Trang 2Secure remote access to a router is usually necessary, so not running the process or
entity that allows remote access isn’t an option An organization with a large network could have routers in hundreds of locations scattered all over the country (or even the
world) These devices need management, which includes tasks such as changing the
con-fi guration of the routers Router concon-fi guration often includes details about the protocols’ operation and other capabilities of the router, which can change as the network evolves Software upgrades need to be distributed as well Troubleshooting procedures often require direct entry of commands to be executed on the router In short, remote access and fi le transfer can be very helpful for router and network management purposes
File Transfer to a Router
Let’s look at the transfer of a new router confi guration fi le, for convenience called routerconfig.txt, from a client host (wincli2) to router CE0 This time we’ll use a GUI for the fi le transfer protocol (FTP) application, which will be shown as a fi gure, as in Figure 1.2 First, we have to remotely access the router
The main window section in the fi gure shows remote access and the fi le listing of the default directory on the router, which is /var/home/remote (the router uses the Unix fi le system) The listing in the lower right section is the contents of the default
FIGURE 1.2
Remote access for FTP using a GUI Note how the different panes give different types of
information, yet bring it all together.
Trang 3directory, not part of the command/response dialog between host and router The lower left section shows the fi le system on the host, which is a Windows system Note that the fi le transfer is not encrypted or secured in any way
Most “traditional” Unix-derived TCP/IP applications have both CLI and GUI interfaces available, and which one is used is usually a matter of choice Older Unix systems, the kind most often used on the early Internet, didn’t typically have GUI interfaces, and
a lot of users prefer the CLI versions, especially for book illustrations GUI applica-tions work just as well, and don’t require users to know the individual commands well When using the GUI version of FTP, all the user has to do is “drag and drop” the local routerconfig.txt fi le from the lower left pane to the lower right pane of the window to trigger the commands (which the application produces “automatically”) for the transfer to occur This is shown in Figure 1.3
With the GUI, the user does not have to issue any FTP commands directly
CLI and GUI
We’ll use both the CLI and GUI forms of TCP/IP applications in this book In a nod to tradition, we’ll use the CLI on the Unix systems and the GUI versions when Windows systems are used in the examples (CLI commands often capture details that are not easily seen in GUI-based applications.) Keep in mind that you can use GUI applications
FIGURE 1.3
File transfer with a GUI There are commands (user mouse clicks that trigger messages), responses (the server’s replies), and status lines (reports on the state of the interaction).
Trang 4on Unix and the CLI on Windows (you have to run cmd fi rst to access the Windows CLI) This listing shows the router confi guration fi le transfer of newrouterconfig.txt from the Windows XP system to router CE6, but with the Windows CLI and using the
IP address of the router
C:\Documents and Settings\Owner> ftp 10.10.12.1
Connected to 10.10.12.1.
220 R6 FTP server (version 6.00LS) ready.
User (10.10.12.1:none)):walterg
331 Password required for walterg.
Password: ********
ftp> dir
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 128
drwxr-xr-x 2 remote staff 512 Nov 20 2004 ssh
-rw-r r 1 remote staff 4316 Mar 25 2006 R6-base
-rw-r r 1 remote staff 4469 May 11 20:08 R6-cspf
-rw-r r 1 remote staff 4316 Jun 3 18:46 R6-rsvp
-rw-r r 1 remote staff 4242 Jun 16 14:44 R6-rsvp-message
-rw-r - 1 remote staff 559 Feb 3 2005 juniper.conf
-rw-r r 1 remote staff 4081 Dec 2 2005 merisha-base
-rw-r r 1 remote staff 2320 Dec 3 2005 richard-ASP-manual-SA
-rw-r r 1 remote staff 2358 Dec 2 2005 richard-base
-rw-r r 1 remote staff 7344 Sep 30 11:28 routerconfig.txt
-rw-r r 1 remote staff 4830 Jul 13 17:04 snmp-forwarding
-rw-r r 1 remote staff 3190 Jan 7 2006 tp6
-rw-r r 1 remote staff 4315 May 5 12:49 wjg-ORA-base-TP6
-rw-r r 1 remote staff 4500 May 6 09:47 wjg-tp6-with-ipv6
-rw-r r 1 remote staff 4956 May 8 13:42 wjg-with-ipv6
226 transfer complete
ftp: 923 bytes received in 0.00Seconds 923000.00Kbytes/sec.
ftp> bin
200 Type set to I
ftp> put newrouterconfig.text
200 PORT command successful.
150 Opening ASCII mode data connection for "newrouterconfig.txt".
226 Transfer complete.
ftp: 7723 bytes received in 0.00Seconds 7344000.00Kbytes/sec.
ftp>_
In some cases, we’ll list CLI examples line by line, as here, and in other cases we will show them in a fi gure
Ethereal and Packet Capture
Of course, showing a GUI or command line FTP session doesn’t reveal much about how the network functions We need to look at the bits that are fl owing through the
Trang 5network Also, we need to look at applications, such as the fi le transfer protocol, from the network perspective
To do so, we’ll use a packet capture utility This book will use the Ethereal packet capture program in fact and by name throughout, although shortly after the project began, Ethereal became Wireshark The software is the same, but all development will now be done through the Wireshark organization Wireshark (Ethereal) is available free
of charge at www.wireshark.org It is notable that Wireshark, unlike a lot of similar
applications, is available for Windows as well as most Unix/Linux variations
Ethereal is a network protocol analyzer program that keeps a copy of every packet
of information that emerges from or enters the system on a particular interface Ethe-real also parses the packet and shows not only the bit patterns, but what those bit groupings mean Ethereal has a summary screen, a pane for more detailed informa-tion, and a pane that shows the raw bits that Ethereal captured The nicest feature of
Ethereal is that the packet capture stream can be saved in a standard libpcap format
fi le (usually with a .capor .pcapextension), which is common among most protocol analyzers These fi les can be read and parsed and replayed by tcpdump and other appli-cations or Ethereal on other systems
Figure 1.4 shows the same router confi guration fi le transfer as in Figure 1.2 and 1.3, and at the same time However, this time the capture is not at the user level, but at the network level
FIGURE 1.4
Ethereal FTP capture of the fi le transfer shown earlier from the user perspective.
Trang 6Each packet captured is numbered sequentially and given a time stamp, and its source and destination address is listed The protocol is in the next column, followed
by the interpretation of the packet’s meaning and function The packet to request the router to STOR routerconfig.txt is packet number 26 in the sequence
Already we’ve learned something important: that with TCP/IP, the number of packets exchanged to accomplish even something basic and simple can be surpris-ingly large For this reason, in some cases, we’ll only show a section of the panes of the full Ethereal screen, only to cut down on screen clutter The captured fi les are always there to consult later
With these tools—CLI listings, GUI fi gures, and Ethereal captures—we are prepared
to explore all aspects of modern network operation using TCP/IP
First Explorations in Networking
We’ve already seen that an authorized user can access a router from a host We’ve seen that routers can run the ssh and ftp server applications sshd and ftpd, and the suspicion is that they might be able to run even more (they can just as easily be ssh and ftp clients) However, the router application suite is fairly restrictive You usually don’t, for example, send email to a router, or log in to a router and then browse Web sites There is a fundamental difference in the roles that hosts and routers play in a network A router doesn’t have all of the application software you would expect to
fi nd on a client or server, and a router uses them mainly for management purposes
However, it does have all the layers of the protocol suite.
TCP/IP networks are a mix of hosts and routers Hosts often talk to other devices
on the network, or expose their applications to the network, but their basic function
is to run programs However, network systems like routers exist to keep the network running, which is their primary task Router-based applications support this task, although in theory, routers only require a subset of the TCP/IP protocol suite layers to perform their operational role You also have to manage routers, and that requires some additional software in practice However, don’t expect to fi nd chat or other common client applications on a router
What is it about protocols and layers that is so important? That’s what the rest of this chapter is about Let’s start with what protocols are and where they come from
PROTOCOLS
Computers are systems or devices capable of running a number of processes These
processes are sometimes referred to as entities, but we’ll use the term processes
Computer networks enable communication between processes on two different devices that are capable of sending and receiving information in the form of bits (0s and 1s) What pattern should the exchange of bits follow? Processes that exchange
bit streams must agree on a protocol A protocol is a set of rules that determines all
aspects of data communication
Trang 7A protocol is a standard or convention that enables and controls the connec-tion, communicaconnec-tion, and transfer of information between two communications endpoints, or hosts A protocol defi nes the rules governing the syntax (what can
be communicated), semantics (how it can be communicated), and synchroniza-tion (when and at what speed it can be communicated) of the communicasynchroniza-tions procedure Protocols can be implemented on hardware, software, or a combination
of both
Protocols are not the same as standards: some standards have never been imple-mented as workable protocols, while some of the most useful protocols are only loosely defi ned (this sometimes makes interconnection an adventure) The protocols discussed in this book vary greatly in degree of sophistication and purpose However, most of the protocols specify one or more of the following:
Physical connection—The host typically uses different hardware depending on whether the connection is wired or wireless, and some other parameters might require man-ual confi guration However, protocols are used to supply details about the network connection (speed is part of this determination) The host can usually detect the presence (or absence) of the other endpoint devices as well
Handshaking—A protocol can define the rules for the initial exchange of infor-mation across the network
Negotiation of parameters—A protocol can define a series of actions to establish the rules and limits used for communicating across the network
Message delimiters—A protocol can define what will constitute the start and end
of a message on the network
Message format—A protocol can define how the content of a message is struc-tured, usually at the “field” level
Error detection—A protocol can define how the receiver can detect corrupt mes-sages, unexpected loss of connectivity, and what to do next A protocol can simply fail or try to correct the error
Error correction—A protocol can define what to do about these error situations Note that error recovery usually consists of both detection and correction protocols
Termination of communications—A protocol can define the rules for gracefully stopping communicating endpoints
Protocols at various layers provided the abstraction necessary for Internet suc-cess Application developers did not have to concern themselves overly with the physical properties of the network The expanded use of communications protocols has been a major contributor to the Internet’s success, acceptance, fl exibility, and power
Trang 8Standards and Organizations
Anyone can defi ne a protocol Simply devise a set of rules for any or all of the phases
of communication and convince others to make hardware or software that imple-ments the new method Of course, an implementer could try to be the only source
of a given protocol, a purely proprietary situation, and this was once a popular way
to develop protocols After all, who knew better how to network IBM computers
than IBM? Today, most closed protocols have given way to open protocols based on published standards, especially since the Internet strives for connectivity between
all types of computers and related devices and is not limited to equipment from
a certain vendor Anyone who implements an open protocol correctly from public documents should in most cases be able to interoperate with other versions of the same protocol
Standards promote and maintain an open and competitive market for network hardware and software The overwhelming need for interoperability today, both
nationally and internationally, has increased the set of choices in terms of vendor and capability for each aspect of data communications However, proprietary protocols intended for a limited architecture or physical network are still around, of course Pro-prietary protocols might have some very good application-specifi c protocols, but could probably not support things like the Web as we know it Making something a standard does not guarantee market acceptance, but it is very diffi cult for a protocol to succeed without a standard for everyone to follow Standards provide essential guidelines to manufacturers, vendors, service providers, consultants, government agencies, and users
to make sure the interconnectivity needed today is there
Data communication standards fall into two major categories: de jure (“by rule or regulation”) and de facto (“by fact or convention”).
De jure—These standards have been approved by an officially recognized body
whose job is to standardize protocols and other aspects of networking De jure standards often have the force of law, even if they are called
recommenda-tions (for these basic standards, it is recommended that nations use their own enforcement methods, such as fines, to make sure they are followed)
De facto —Standards that have not been formally approved but are widely followed
fall into this category If someone wants to do something different, such as
a manufacturer of network equipment, this method can be used to quickly establish a new product or technology These types of standards can always be
proposed for de jure approval.
When it comes to the Internet protocols, things are a bit more complicated There are very few offi cial standards, and there are no real penalties involved for not follow-ing them (other than the application not workfollow-ing as promised) On the Internet, a
“de facto standard” forms a reference implementation in this case De facto standards
are also often subportions or implementation details for formal standards, usually when
Trang 9the formal standard falls short of providing all the information needed to create a work-ing program Internet standard proposals in many cases require runnwork-ing code at some
stages of the process: at least the de facto code will cover the areas that the standard
missed
The standards for the TCP/IP protocol suite now come from the Internet Engineer-ing Task Force (IETF), workEngineer-ing in conjunction with other Internet organizations The IETF is neither strictly a de facto nor de jure standards organization: There is no force
of law behind Internet standards; they just don’t work the way they should if not done correctly We’ll look at the IETF in detail shortly The Internet uses more than protocol standards developed by the IETF The following organizations are the main ones that are the sources of these other standards
Institute of Electrical and Electronics Engineers
This international organization is the largest society of professional engineers in the world One of its jobs is to oversee the development and adaptation of international standards, often in the local area network (LAN) arena Examples of IEEE standards are all aspects of wireless LANs (IEEE 802.11)
American National Standards Institute
Although ANSI is actually a private nonprofi t organization, and has no affi liation with the federal government, its goals include serving as the national institution for coordinating voluntary standardization in the United States as a way of advancing the U.S economy and protecting the public interest ANSI’s members are consumer groups, government and regulatory bodies, industry associations, and professional societies Other countries have similar organizations that closely track ANSI’s actions The indispensable American Standard Code for Information Interchange (ACSII) that determines what bits mean is
an example of an ANSI standard
Electronic Industries Association
This is a nonprofi t organization aligned with ANSI to promote electronic manufactur-ing concerns The EIA has contributed to networkmanufactur-ing by defi nmanufactur-ing physical connection interfaces and specifying electrical signaling methods The popular Recommended Jack #45 (RJ-45) connector for twisted pair LANs is an example of an EIA standard
ISO, or International Standards Organization
Technically, this is the International Organization for Standardization in English, one of
its offi cial languages, but is always called the ISO “ISO” is not an acronym or initialism
for the organization’s full name in either English or French (its two offi cial languages)
Rather, the organization adopted ISO based on the Greek word isos, meaning equal
Recognizing that the organization’s initials would vary according to language, its found-ers chose ISO as the univfound-ersal short form of its name This, in itself, refl ects the aim of the organization: to equalize and standardize across cultures This multinational body’s members are drawn from the standards committees of various governments They are
Trang 10a voluntary organization dedicated to agreement on worldwide standards The ISO’s
major contribution in the fi eld of networking is with the creation of a model of data networking, the Open Systems Interconnection Reference Model (ISO-RM), which also
forms the basis for a working set of protocols The United States is represented by ANSI
in the ISO
International Telecommunications Union–Telecommunication Standards Sector
A global economy needs international standards not only for data networks, but for
the global public switched telephone network (PSTN) The United Nations formed a
committee under the International Telecommunications Union (ITU), known as the Consultative Committee for International Telegraphy and Telephony (CCITT), that was eventually reabsorbed into the parent body as the ITU-T in 1993 All communications that cross national boundaries must follow ITU-T “recommendations,” which have the force of law However, inside a nation, local standards can apply (and usually do)
A network architecture called asynchronous transfer mode (ATM) is an example of an ITU-T standard
In addition to these standards organizations, networking relies on various forums to
promote new technologies while the standardization process proceeds at the national and international levels Forum members essentially pledge to follow the specifi ca-tions of the forum when it comes to products, services, and so forth, although there
is seldom any penalty for failing to do so The Metro Ethernet Forum (MEF) is a good example of the modern forum in action
The role of regulatory agencies cannot be ignored in standard discussions It makes
no sense to develop a new service for wireless networking in the United States, for example, if the Federal Communications Commission (FCC) has forbidden the use of the frequencies used by the new service for that purpose Regulated industries include radio, television, and wireless and cable systems
Request for Comment and the Internet Engineering Task Force
What about the Internet itself? The Internet Engineering Task Force (IETF) is the organization directly responsible for the development of Internet standards The IETF has its own system for standardizing network components In particular, Inter-net standards cover many of the protocols used by devices attached to the InterInter-net, especially those closer to the user (applications) than to the physical network
Internet standards are formalized regulations followed and used by those who work on the Internet They are specifi cations that have been tested and must be followed There is a strict procedure that all Internet components follow to become
standards A specifi cation starts out as an Internet draft, a working document that
often is revised, has no offi cial status, and has a 6-month life span Developers often work from these drafts, and much can be learned from the practical experience of implementation of a draft If recommended, the Internet authorities can publish the
draft as a request for comment (RFC) The term is historical, and does not imply that